Amendments to the Claims

This listing of claims will replace all prior versions and listings of claims in the application: 
Listing of claims:

1. (currently amended) A method for providing cryptographic functions to data packets below
the network layer of a network stack and [[transparent to the]] hidden from said network layer, the
method including the steps of:

intercepting in the data link layer of said network stack, datagrams [[transferred between]]
outbound to and inbound from [[the]] said network layer [[and another layer below the network
layer]], said datagrams being encapsulated by a header and a footer associated with transfer
between the network layer and said [[other]] data link layer and having at least one encapsulated
data packet;

decapsulating said datagrams by removing said header and said footer to retrieve said at 
least one encapsulated data packet; 

examining said at least one encapsulated data packet and referencing a security policy to 
determine whether to process said at least one encapsulated data packet according to said 
security policy using said cryptographic functions; 

if said at least one encapsulated data packet requires processing, modifying said at least 
one encapsulated data packet to provide said cryptographic functions; [[and]] 

preparing reconstructed [[reconstructing said]] datagrams by re-encapsulating said at least
one encapsulated data packet with said header and said footer [[for transmission along said]]

providing said reconstructed datagrams back to said data link layer for continued
transmission along said network stack.

2. (original) The method of claim 1 wherein said data packet is an IP packet having a header, an 
address and data. 

3. (original) The method of claim 1 wherein said step of modifying said data packet includes the 
further step of selecting an IPSec protocol.

4. (currently amended) The method of claim 1 wherein the step of examining said at least one
encapsulated data packet further includes [[the steps of:]]

checking header information [[of outbound data packets from said network layer to]]



5. (currently amended) A system for processing data packets for secure communications between 
correspondents of said system by providing cryptographic functions to data packets below the 
network layer of a network stack and [[transparent to the]] hidden from said network layer, said
system having: 

a packet interceptor in the data link layer of said network stack for intercepting datagrams 
[[transferred between]] outbound to and inbound from the network layer [[and another layer below
the network layer]], said datagrams being encapsulated by a header and a footer associated with
transfer between the network layer and said [[other]] data link layer and having at least one 
encapsulated data packet, said packet interceptor for decapsulating said datagrams by removing 
said header and said footer to retrieve said at least one encapsulated data packet, and said packet 
interceptor for preparing reconstructed [[reconstructing said]] datagrams by re-encapsulating said at
least one data packet with said header and said footer for transmission along said network stack 
and for providing said reconstructed datagrams back to said data link layer for continued 
transmission along said network stack;

a security policy manager including at least one security policy storing processing rules 
for said data packets and for selecting at least one of said processing rules for said at least one 
encapsulated data packet according to said security policy; and 

a processing module for examining said at least one encapsulated data packet 
decapsulated by said packet interceptor, and if said at least one encapsulated data packet requires 
processing, modifying said at least one encapsulated data packet by selecting and applying said 
cryptographic functions thereto, said processing module being in communication with said 
security policy manager; 

wherein said datagrams are intercepted and examined in accordance with said processing
rules.

6. (currently amended) The system of claim 5, wherein the packet interceptor is a software
module [[located at the data link layer of the network stack]].

7. (original) The system of claim 6, wherein said software module is a driver included in a kernel
of an operating system in computer readable medium of said system. 

8. (previously presented) The system of claim 5, wherein the cryptographic functions are
implemented using an IPsec protocol by said processing module.

9. (previously presented) The system of claim 5, wherein said secure communications between
correspondents of said system are provided via a virtual private network. 

10. (currently amended) A method for providing a cryptographic system for communication
between correspondents in a communication network to data packets below the network layer of
a network stack and hidden from said network layer, said method comprising the steps of:

providing in the data link layer a security module in a computer readable medium at each
of said respondents, said security module having:

a packet interceptor for intercepting datagrams outbound to and inbound from the network
layer [[and another layer below the network layer]], said datagrams being encapsulated by a
header and a footer associated with [[transfer between the network layer]] and said [[other]]
data link layer and having at least one encapsulated data packet, said packet interceptor for
decapsulating said datagrams by removing said header and said footer to retrieve said at least
one encapsulated data packet, and said packet interceptor for preparing reconstructed
[[reconstructing said]] datagrams by re-encapsulating said at least one data packet with said
header and said footer for

and for providing said reconstructed datagrams back to said data link layer for continued
transmission along said network stack;

a security policy manager including at least one security policy storing processing
rules for said data packets and for selecting at least one processing rule for said
encapsulated data packet according to said security policy; and

a processing module for examining said at least one encapsulated data packet
decapsulated by said packet interceptor, and if said at least one encapsulated data packet 
requires processing, modifying said at least one encapsulated data packet by selecting and 
applying cryptographic functions thereto, said processing module being in 
communication with said security policy manager; 

examining in said data link layer, said data packets decapsulated by said packet 
interceptor outbound [[from said correspondents]] to said network layer to determine whether
processing by said processing module is required; and 

examining in said data link layer, said data packets decapsulated by said packet 
interceptor inbound [[to said correspondents]] from said network layer to determine whether
processing by said processing module is required by checking whether said data packets include 
cryptographic functions. 

11. (cancel) 

12. (currently amended) A method according to claim [[11]] 1 wherein said datagrams are PPP
datagrams. 

13. (previously presented) A method according to claim 1, said at least one encapsulated data
packet being an IP data packet. 

14. (previously presented) A method according to claim 1 wherein said modifying comprises 
IPSec tunneling.

15. (previously presented) A method according to claim 1 wherein said referencing comprises 
reviewing a predetermined set of selectors being one or more of a destination IP address and a 
transport layer port. 
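
As an added illustration that is not part of the application or its claims, the flow of claim 1 with the PPP, IP and selector details of claims 12, 13 and 15 can be sketched in Python. The function names, the policy format and the `protect` callback are hypothetical; the frame layout assumed is the HDLC-like PPP framing of RFC 1662 without flag bytes or byte stuffing, and `protect` stands in for the cryptographic transform (it is not IPsec).

```python
import ipaddress
import struct

PPP_HDR = b"\xff\x03\x00\x21"  # assumed header: address, control, protocol 0x0021 (IPv4)

def fcs16(data: bytes) -> int:
    """PPP frame check sequence (RFC 1662), used here as the footer."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def decapsulate(frame: bytes) -> bytes:
    """Remove header and footer; refuse frames that are not intact PPP/IPv4."""
    if len(frame) < 6 or frame[:4] != PPP_HDR:
        raise ValueError("not a PPP IPv4 frame")
    body, (fcs,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if fcs16(body) != fcs:
        raise ValueError("bad FCS")
    return body[4:]

def encapsulate(packet: bytes) -> bytes:
    """Re-attach the header and a freshly computed footer."""
    body = PPP_HDR + packet
    return body + struct.pack("<H", fcs16(body))

def selectors(packet: bytes):
    """Return (destination IP, transport destination port or None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    dst = ipaddress.IPv4Address(packet[16:20])
    port = None  # later fragments and non-TCP/UDP packets carry no port
    if packet[9] in (6, 17) and frag == 0 and len(packet) >= ihl + 4:
        port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return dst, port

def process_frame(frame: bytes, policy, protect) -> bytes:
    """policy: list of (network, port or None); protect: packet -> packet."""
    packet = decapsulate(frame)
    dst, port = selectors(packet)
    for net, rule_port in policy:
        if dst in ipaddress.ip_network(net) and rule_port in (None, port):
            return encapsulate(protect(packet))  # modified, then re-encapsulated
    return frame  # no matching rule: hand the datagram back unchanged
```
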